By hickory on
Jacques Distler has a post about weaknesses in Rails' built-in HTML sanitizer. Is there a test suite that's been run against Drupal's filter_xss to make sure it's not vulnerable to any of these?
Jacques Distler has a post about weaknesses in Rails' built-in HTML sanitizer. Is there a test suite that's been run against Drupal's filter_xss to make sure it's not vulnerable to any of these?
Comments
Rasmus Lerdorf's talk at OSCMS-Summit/Drupalcon
In his talk on PHP efficiency and security at OSCMS Summit / DrupalCon last week, Rasmus talked a lot about XSS attacks on various CMSes, and Drupal did very well in comparison to the others presented. The talk was recorded, so it should be floating around the web by now.
HedgeMage